IME...college/education is not a significant factor in hiring for Security.
Experience, and good judgement (that thing you get from bad experiences) are more significant. I'm a security pro. Been doing it for ~9 years, one of a staff of about 18, doing Info Sys Security for a large publicly held corporation.
I came out of the Operations area, doing server/domain/sysadmin type of support work. I have very intentionally avoided pretty much every operations-related role in ISS (A/V, firewalls, IDS, then IPS, log monitoring, etc..), and transferred it to a new guy when I couldn't avoid it. I *like* being able to sleep at night! I primarily work in PKI, assisting application owners in using our PKI. Other big projects have included setting up client encryption (then turned most of it over to the ops group), and architecting authentication solutions (usually PKI based, but not always).
If you want to work in the field, then:
1. Spend time as a sysadmin, netadmin, or similar role.
2. Understand networking, and the roles/features of different network devices. (Router, switch, DNS, DHCP, firewall, tap, WAP, OIS stack, etc...)
3. Plan to turn your job over to other, not as smart people. Figure out a way to implement a particular protection (a/v, data encryption, VPN, strong authentication, etc..)...then turn over all the front-line support to a 24-hour help desk. That way you'll have time to move on to other new and interesting technologies.
Experience, and good judgement (that thing you get from bad experiences) are more significant. I'm a security pro. Been doing it for ~9 years, one of a staff of about 18, doing Info Sys Security for a large publicly held corporation.
I came out of the Operations area, doing server/domain/sysadmin type of support work. I have very intentionally avoided pretty much every operations-related role in ISS (A/V, firewalls, IDS, then IPS, log monitoring, etc..), and transferred it to a new guy when I couldn't avoid it. I *like* being able to sleep at night! I primarily work in PKI, assisting application owners in using our PKI. Other big projects have included setting up client encryption (then turned most of it over to the ops group), and architecting authentication solutions (usually PKI based, but not always).
If you want to work in the field, then:
1. Spend time as a sysadmin, netadmin, or similar role.
2. Understand networking, and the roles/features of different network devices. (Router, switch, DNS, DHCP, firewall, tap, WAP, OIS stack, etc...)
3. Plan to turn your job over to other, not as smart people. Figure out a way to implement a particular protection (a/v, data encryption, VPN, strong authentication, etc..)...then turn over all the front-line support to a 24-hour help desk. That way you'll have time to move on to other new and interesting technologies.